CLEAR CHOICE TEST

Single  sign-on 
moves  to  the  cloud 

Okta,  OneLogin  score  high  in  test  of  8 
SSO  solutions  that  beef  up  app  security. 
DEFINED CISCO

WHAT  MICROSOFT  DID 

RIGHT/WRONG 


Pre-Configured Physical Infrastructures Save Time,
Aid Validation When Building
or Expanding the Data Center

The cost to design, build and commission a data center continues to increase as
the price of labor, real estate, and utilities escalates. Organizations are being challenged to bring new data center capabilities
into production faster to maximize return on investment (ROI) for IT expenditures, driving the need for shorter lead times to
design, specify and deploy the infrastructure.


At  the  same  time,  new  higher-density  technologies  and  virtualization  are  complicating  the  specification  of  power  distribution, 
thermal  management  and  space  utilization  and  impacting  network  reliability.  The  physical  infrastructures  needed  to  support 
these new technologies are becoming increasingly complex.

Virtualization  and  consolidation  are  also  driving  new  network  architectures.  Rather  than  thinking  in  terms  of  cabinets  and 
numbers  of  servers  deployed,  facilities  managers  and  infrastructure  managers  are  being  challenged  to  think  in  terms  of  standard 
compute,  network,  storage,  power  and  cooling  modules  as  they  scale  out  their  facilities. 

Today,  more  organizations  seek  a  unified  approach  to  physical  and  logical  systems  architecture  to  fully  address  the  need  for 
availability,  agility,  integration  and  security.  A  recent  IDG  Research  Services  survey  shows  that  data  center  managers  are  interested 
in  new  pre-configured  physical  infrastructure  designs  that  reduce  the  risk  of  building  or  expanding  the  data  center. 

The  data  center  is  the  focus  of  much  activity  as  businesses  embark  upon  a  wide  variety  of  fresh  initiatives  in  their  quest  for 
innovation.  Nearly  two-thirds  of  survey  respondents  report  their  companies  have  plans  to  build  or  modify  one  or  more  data 
centers.  Data/business  growth  and  disaster  recovery/business  continuity  are  the  biggest  drivers  of  data  center  construction 
or  expansion  plans,  according  to  survey  respondents. 

When  planning  data  center  construction  or  expansion,  companies  place  high  priority  on  scalability/upgradability  as  well  as 
speed  of  deployment.  Respondents  report  that  data  center  construction  most  often  slows  down  in  the  planning  phase. 

Respondents  feel  the  "best  of  brand"  and  pre-configured  approaches  to  physical  infrastructure  configuration  can  help  to  reduce 
total  cost  of  ownership  (TCO)  and  maintain  network  reliability  when  building  or  expanding  the  data  center.  Roughly  half  cite  a 
reduction  in  TCO  and/or  ensuring  optimal  hardware  performance  as  benefits  of  using  a  "best  of  brand"  approach.  Respondents 
also  cite  predictable  performance  as  another  top  benefit  of  a  pre-configured  approach  to  physical  infrastructure  design. 


Panduit  Solutions  Can  Help 

Panduit's pre-configured physical infrastructure design offering is different from pre-assembled infrastructure
solutions  delivered  in  containers.  Panduit's  pre-configured  physical  infrastructures  enable  a  full  and  robust 
modular,  POD. 

The  Panduit  pre-configured  physical  infrastructure  offering  features  a  variety  of  benefits,  including: 

■ Pre-configured cabinets and pre-terminated cable assemblies reduce installation times by up to 65%.
■ Reference designs provide guidance for complex technology deployments, reducing reliance on
multiple component vendors.
■ Pre-configured/pre-terminated product sets can minimize labor and reduce installation costs.

Panduit  Advisory  Services  creates  detailed  data  center  infrastructure  specifications  that  consider 
the  interdependency  of  power,  space  and  cooling  to  eliminate  overprovisioning  and  minimize  costs 
due to mistakes or inability to integrate components.
For more, visit www.networkworld.com/whitepapers/panduit-solutions-2
FROM THE EDITOR JOHN DIX

The  multifaceted 
budget  process 


6  Bits  Comments, 

Blogs  and  Online 

8  Trend  Analysis 

Dell’s  acquisitions  not  yet 
paying  dividends. 

BY  AGAM  SHAH, 

IDG  NEWS  SERVICE 


With the bulk of the IT budgets in place
for 2013, it is a good time to reflect on how
the budget process has morphed over the
years to accommodate shifts in technology
and evolving corporate demands and priorities.

It  has  been  decades  since  IT  could  hole  up  in  its  glass 
castle  and  dictate  how  and  when  IT  dollars  would  be 
spent on what, but every passing year increases the pressure
on IT to accommodate more voices in the process.

That  isn’t  to  say  the  fundamentals  have  faded  away.  It 
still  starts  with  trying  to  figure  out  how  much  money  to 
allocate  to  operations  vs.  investing  in  techs  that  will  drive  growth  or  transform  the 
business  (the  oft-cited  run/grow/transform  buckets).  It  is  just  that  the  process  has 
to  be  so  much  more  collaborative  now  that  technology  is  more  accessible  and  people 
across  the  organization  see  the  potential  to  use  it  to  further  their  corporate  goals. 

So,  besides  the  usual  pitches  from  line-of-business  folks,  you  now  have  to  deal 
with everything from HR wanting to explore techs designed to facilitate team-building
to marketing hounding you about tools and strategies for how to get more
out  of  social  media. 

Of  course  some  budget  process  change  has  been  driven  by  corporate  edict,  such 
as  demands  to  get  smarter  about  energy  consumption.  Since  the  facilities  group 
still  often  pays  the  IT  power  bills,  that  has  meant  synching  up  with  them  to  figure 
out  where  the  money  is  going  and  developing  strategies  to  review  IT  purchase 
decisions  with  an  eye  on  increasing  efficiency. 

And then there are the budget demands driven by the exploding BYOD movement.
Employees are clamoring to use their new smartphones and tablets to access
corporate  resources  and  many  department  heads  are  anxious  to  leverage  that 
enthusiasm,  meaning  calls  are  coming  in  from  across  the  organization  to  explore 
what  needs  to  be  done  to  make  that  happen. 

But  perhaps  the  most  profound  change  involving  the  budget  process  is  the 
emergence  of  cloud  computing.  Business  units,  departments  and  even  individual 
employees  are  exploring  use  of  various  cloud  services,  sometimes  without  the 
knowledge  or  consent  of  IT.  Simply  trying  to  outlaw  the  practice  isn’t  an  adequate 
strategy.  As  one  IT  leader  said  privately,  “People  can  and  will  work  around  us  if  they 
feel  IT  is  not  on  their  side,  doesn’t  understand,  or  is  unresponsive  or  ineffective.” 

That  means  IT  has  to  proactively  engage  parties  interested  in  assessing  cloud 
options,  adding  still  more  voices  and  options  to  the  already  complex  IT  budget 
process. 

Where’s  the  good  news  in  all  of  this?  IT  is  growing  ever  more  important  to  the 
organization,  and  you’re  still  in  the  catbird  seat. 
Nicira CTO shares peek of
company's  SDN  plans. 

BY  BRANDON  BUTLER 

9  Trend  Analysis 

Juniper jumps on
SDN startup.
22 Tool Shed
Gearhead 

Poor  timepiece, 
great  calculations. 

BY  MARK  GIBBS 

23  Cool  Tools 

The  Coolest  Tools  of  2012. 

BY  KEITH  SHAW 

24  Clear  Choice  Test 

Single  sign-on 
moves  to  the  cloud. 

BY  DAVID  STROM 

34  Backspin 

Want  an  iPhone  5?  You 
might  get  tasered  first. 

BY  MARK  GIBBS 
BlackBerry blacklists
the  Pooh  gang. 

BY  PAUL  MCNAMARA 


www.networkworld.com  DECEMBER  17, 2012  5 




Heard  of  pay  per  view? 
How  about  pay  per  LAN? 

HP WILL ALLOW enterprises to pay for managed LAN offerings
based on usage, in much the same way they pay for cloud
services, through a partnership with telecom service providers.
HP's FlexNetwork Utility Advantage Program will let enterprises
pay a monthly fee for networking equipment, based on the
number of ports used, for example. The first operator to get
onboard is Swisscom, which is offering HP’s switches for $6.50
per month per Gigabit Ethernet port. tinyurl.com/c52nnws


IT  hiring 
looking  rosy 

NEARLY  TWICE  as  many  CIOs 
are  planning  to  expand  their 
IT  departments  in  the  coming 
quarter  than  were  three  months 
ago,  according  to  Robert  Half 
Technology.  In  the  firm’s  latest 
staffing  report,  17%  of  CIOs 
said  they  plan  to  expand  their 
departments  in  the  first  quarter 
of  2013,  up  from  9%  in  the  prior 
quarter.  Just  8%  anticipate 
cutbacks  in  the  first  quarter. 
Finding talent remains a challenge, said 63% of the 1,400
CIOs polled. Database management is the skill set in greatest
demand, cited by 48% of CIOs. Network administration and
web development/website design followed, cited by 47%
and 33%, respectively. tinyurl.com/d2pys6z

RIM  lands  gov’t 
contract 

U.S. IMMIGRATION and Customs Enforcement (ICE)
will begin a pilot deployment of smartphones running RIM’s
new BlackBerry 10 OS early next year. The deal, announced
last week, is the first major U.S. government agreement disclosed
by RIM for the OS ahead of its planned launch on Jan. 30. The
size of the deal is unknown, but it is an important
psychological boost for RIM and a good public endorsement.

For years a mainstay of U.S. government mobile communications,
users have become increasingly dissatisfied with
BlackBerry devices as competing smartphones emerged
with bigger screens, new features and thousands of apps. BlackBerry
10 and a new array of handsets are RIM’s answer, but the big
question is how many organizations will stick around or come
back to RIM. tinyurl.com/cdagc4q

Data  deluge 
shows  no  signs 
of  slowing 

DURING  THE  next  eight  years, 
the amount of digital data produced
will exceed 40 zettabytes,
which  is  the  equivalent  of 
5,200GB  of  data  for  every  man, 
woman  and  child  on  Earth, 
according  to  an  updated  Digital 
Universe  study.  To  put  it  in 
perspective,  40  zettabytes  is  40 
trillion  gigabytes  —  estimated  to 
be  57  times  the  amount  of  all  the 
grains  of  sand  on  all  the  beaches 
on  Earth.  To  hit  that  figure,  all 
data  is  expected  to  double  every 
two years through 2020. tinyurl.com/cszjony

Young  people 
bedding  their 
smartphones 

JUST HOW tethered to their mobile devices are young
people? Apparently they sleep together. Among 1,800 Gen Y
students and workers (aged 18 to 30) surveyed by Cisco, 90% say
they check their smartphones for updates in email, texts and social
media sites, often before they get out of bed; 75% use them in bed;
and 40% say they would feel like a part of them was missing if
they couldn’t use their smartphone. tinyurl.com/ct7ftwy

Looking back
at 2012

Check out videos highlighting the year that was in the
world of gadgets, robots, tech news, enterprise news,
Apple and more.
tinyurl.com/d6j92mm

Microsoft  mulls 
IE  disclosure  leak 

MICROSOFT REFUTED claims last week that an information disclosure
leak in its Internet Explorer browser poses a privacy risk,
arguing that the company publicizing the issue is seeking to put
its competitors in an unfavorable light. Spider.io, a U.K.-based
company in the advertising analytics field, alleged that
two unnamed companies are improperly using a flaw in IE
versions 6 through 10 that allows them to track whether display
advertisements, sometimes buried far down in
web pages, are actually viewed by users. Spider.io
also alleged the issue could be used by an
attacker to figure out what keys a person is
clicking on a virtual keyboard. Microsoft
rejected the allegation, saying there’s no way
for an attacker to know what kind of content is
below a cursor. tinyurl.com/cubu4gm
Call to action on 'Net standards

HISTORICALLY THE POLICIES of the
Internet have been built from a culture
that believes in free speech and open
competition, and that rights are native to
the individual and given to the state (Re:
“IETF vs. ITU: Internet standards face-off”:
tinyurl.com/cxva35w).

This  cultural  “bias”  is  what  has  made 
the  Internet  so  important  and  effective  in 
revolutions  and  defending  the  rights  of 
the governed. If only companies and governments
run the Internet, the cultural
bias  toward  freedom  may  well  be  lost. 

I have been in IT since before the Internet
existed. I remember when networks
were all private and run according to
corporate goals. There was no free communication
or interchange of data.

I  urge  our  industry  to  become  aware 
of  this  matter  and  weigh  in  on  the  side  of 
freedom  of  speech  and  expression. 

Mark  Massey 

Google:  Know  your  own  history 

THE NICE THING about Google is that
you don’t give them your information;
you share it with them. You can see your
file at any time. Playing Ingress basically
means that Google knows where I am at
any time. But I can go to Location History
and see precisely what they know, and
selectively delete it (Re: “Google Ingress: How
to save the world with your Android phone”;
tinyurl.com/a22qcpg).

Google  spends  lots 
of  time  personalizing 
your  ads,  but  you  can 
go  in  and  tell  them 
exactly  what  ads  you  want  to  see  (and  see 
what  they  thought  you  would  want  to  see). 

vintermann 

Of  course  true  open  source  exists 

IN THE DEC. 3 issue, “RV” says that
“nothing comes for free in this world
because no one is working for free. Therefore,
I believe there is no true open source”
(Re: “What Cisco and Dell’s Cloupia and
Gale acquisitions mean to the future of
IT”; tinyurl.com/bnyukwo).

Clearly, RV has not been around in
open source circles very much. There are
tons of programmers working for free on
open source projects; I am one of them.

My  entire  company  is  based  on  open 
source  software,  and  while  I  rarely  delve 
into  the  source  code  of  those  programs,  I 
gain a lot from the open source community
in its support of my company. So
when  I  write  my  own  code  and  release 
it  to  the  public,  or  work  on  open  source 
projects,  or  contribute  features,  patches 
and  bug  requests,  one  could  make  the 
argument  that  I  am  trading  my  work  for 
other  people’s  work,  but  the  notion  that 
open  source  doesn’t  exist  is  very  odd. 

Jon  Daley 

Clarification  on  Spacetrack  Radar 

ACTUALLY THE CURRENT Spacetrack
Radar, the A/N FPS-85, was brought
online in 1968-69, not 1961. The first one
burned down and was replaced with the
current one with minimum changes. I
actually helped track the “very first object”
ever tracked with the radar in 1968 using
what was called a suitcase processor (Re:
“Air Force sets first post in ambitious Space
Fence project”; tinyurl.com/cmfk6zw).

JoeZim 

iOS  or  Android? 

IT COMES DOWN to the control of the
development and distribution. First, there
is only one place to get iOS apps. The DRM is
decent, but more important, Apple engineers
control the OS (Re: “Apple iOS vs. Google
Android: It comes down to security”;
tinyurl.com/cvd4x4t).

Google  started  off 
correctly  with  the  idea  of  a  free  Unix 
platform,  but  then  made  two  mistakes: 
They  based  their  platform  on  Java  instead 
of  a  native/performance  language,  and 
they  had  no  requirements  for  hardware. 
The  early  days  of  mobile  applications 
had  these  very  problems:  performance 
and  fragmentation.  Google  should  have 
known  this  and  factored  it  in.  Of  course, 
there  is  also  the  issue  of  a  single  point  of 
purchase, rampant piracy and a questionable
app development environment.

BigInMemphis


TREND ANALYSIS


Dell’s  acquisitions  not  yet  paying  dividends 


BY AGAM SHAH, IDG NEWS SERVICE

DELL’S  EFFORT  to  move  away  from  PCs 
into  enterprise  products  has  been  slow  as 
the  company  battles  a  challenging  economy 
and  tries  to  weave  together  acquisitions  in  a 
coherent  manner. 

Dell’s  legacy  has  been  entrenched  in  the  PC 
business,  but  in  recent  years  it  has  focused  on 
moving into the fast-growing enterprise segment
to improve profits. Dell is pushing hot
technologies  like  cloud  and  virtualization 
products  to  link  its  mainstay  client  and  server 
hardware  business  to  newer  business  areas 
such  as  networking,  storage,  services  and, 
increasingly,  software. 

Dell’s  acquisition  spree  over  the  past  few 
years  has  helped  reshape  its  strategy.  Dell 
spent  $4.9  billion  on  seven  companies  this 
year,  with  a  marquee  acquisition  of  Quest 
Software, which is the “foundational platform”
for the company’s evolving software
strategy,  said  Dell  CFO  Brian  Gladden  at  a 
technology  conference  last  month. 

But  while  Dell  seems  to  be  making  the 
right  moves,  analysts  say  it  has  been  slow  to 
pull  together  assets  from  the  acquisitions  to 
simplify  product  lines.  Many  of  the  acquired 
companies  are  operating  independently  and 
have  unrelated  products,  which  is  hurting 
Dell’s  long-term  plan  to  expand  product  sales. 
It  could  be  years  until  such  results  are  visible. 
Looking back at this year, analysts are also
wondering how long it will take for the company
to establish a cohesive software strategy
around Quest, which offers a range of software
for database management, data protection,
virtualization, compliance and security.

A challenging economy also has customers
tightening pockets and delaying purchase
plans, which is an ongoing issue for Dell’s
integration efforts. Dell’s revenue for the most
recent quarter ending on Nov. 2 was $13.7 billion,
a fall of 11% compared to the same quarter
a year ago. Net income also dropped to
$475 million during the quarter from $893
million a year ago.

The  company  could  be  biting  off  more  than 
it  can  chew  with  its  dozens  of  acquisitions, 
but  it  is  trying  to  expand  its  sales  reach  by 
bringing  together  a  wide  range  of  products, 
says  Roger  Kay,  principal  analyst  at  Endpoint 
Technologies  Associates. 

“A transition like this is not easy, and inevitably
there will be a period where the gap is glaring,”
Kay says. “It could take another five years
for it to reach some kind of critical mass that
will support the company’s cost structure.”

Dell in recent years has acquired largely
profitable companies, with some offering
complementary products and others pushing
the company into new markets. In addition to
Quest, other key acquisitions include services
company Perot Systems, storage companies
EqualLogic and Compellent, cloud company
Boomi, systems management company Kace,
virtual desktop company Wyse Technologies,
networking company Force10 Networks and
security company SecureWorks.

Dell’s acquisitions are relevant to its strategy
but the transition requires that the salesforce
be “re-engineered” to sell enterprise
products, which can be harder than building
new enterprise-focused products and
services, says Matthew Eastwood, group
vice president and general manager of IDC’s
Enterprise Platform Group.

“This is a marathon, not a sprint. But it’s a
safer strategy with better potential than doing
big bang acquisitions. But it does take time,”
Eastwood says. “Think IBM over the past 20
years or EMC over the past 10 years versus
what HP tried to do with EDS and Autonomy.”

PC demand is also falling off much faster
than Dell can make up for with the enterprise
infrastructure and software segment, Eastwood
says.

“The  recent  and  sudden  drop  in  PC 
demand  caught  many  by  surprise.  If  demand 
stays  this  soft,  Dell  could  face  a  call  to  split  the 
company  because  their  enterprise  assets  are 
clearly  being  undervalued  on  Wall  Street,” 
Eastwood  says. 

But Dell is determined to retain its PC business
to deliver a full portfolio of client and
server products. Moving away from low-cost
PCs, its focus now is on higher-priced computers
like the XPS desktops and laptops
that  can  deliver  better  margins.  Homegrown 
smartphone  sales  have  been  scrapped  in 
favor  of  higher-priced  tablets  like  the  $499 
XPS  10  and  $649  Latitude  10  that  can  be  used 
at  work  and  play.  The  burgeoning  bring-your- 
own-device  usage  model  is  seen  by  Dell  as  key 
to  selling  more  client  products  to  enterprises, 
and  it  hopes  Wyse  will  play  a  big  role  in  that. 

But the biggest question revolves around
Quest Software. It was acquired for $2.4
billion and is the centerpiece of Dell’s wide-ranging
software strategy, which was put into
play this year, notes Charles King, principal
analyst at Pund-IT.

Dell  isn’t  a  big  software  company  and  King 
says  that  rounding  up  Dell’s  existing  software 
assets  around  Quest  could  take  a  while.  Dell 
hopes  to  unify  software  tools  from  acquired 
companies like Wyse, Kace, SecureWorks,
SonicWall, AppAssure, Scalent, Make Technologies,
Clerity and Boomi under Quest. The
software  offerings  will  complement  Dell’s 
services  and  data-center  technology  stack, 
which  includes  PowerEdge  servers  and  a 
growing list of networking and storage products
being acquired by the company.

Dell’s  Gladden  says  the  company  is  still 
doing its due diligence on Quest, and integrating
assets is not an overnight job.

“We  see  it  as  we  work  through  that  process 
and  [do  our]  due  diligence  of  understanding 
the company, [that it’s] not only a lot of interesting
portfolio products to help us in other
parts  of  our  portfolio  aligned  with  cloud, 
security  focus  and  systems  management  and 
some of the things we already have in the marketplace,
but also an opportunity to run the
place  better,”  Gladden  says. 

Some  of  Dell’s  acquisitions  have  paid  off, 
though. Most of Dell’s business units underperformed
during the most recent fiscal
quarter,  save  servers,  which  saw  a  shipment 
and  revenue  boost.  A  part  of  Dell’s  success 
in  servers  could  be  attributed  to  Boomi  and 
Kace,  which  are  complementary  offerings, 
King says. Boomi eases deployment and management
of cloud applications, and provides
tools to easily shuffle data between on-premise
and hosted applications.

Dell is a leader in iSCSI storage with EqualLogic,
and is doing well in vertical markets
like  education  and  healthcare  with  Perot 
Systems,  both  of  which  slipped  into  Dell’s 
operations  very  well. 

To  its  credit,  Dell  has  done  better  than 
most  companies  at  preserving  the  culture 
of  acquired  companies  and  keeping  them 
productive,  which  is  in  notable  contrast  to 
Hewlett-Packard,  which  overpaid  for  Palm, 
Autonomy  and  EDS,  analysts  say.  But  Dell 
still  has  issues  to  contend  with  and  so  it  can’t 
afford  to  charge  a  premium  for  its  enterprise 
products  just  yet. 

“Dell  is  not  in  a  comfortable  position.  It  is 
not  as  mature  in  solutions  as  IBM  or  even 
HP,  and  it  doesn’t  have  the  brand  premium 
of  Apple,  but  my  sense  is  that  if  it  sticks  to  its 
knitting, the company can ultimately be successful,”
Endpoint Technologies’ Kay says.
Nicira CTO shares peek of company’s SDN plans

Casado  divulges  software-defined  network  vision  for  VMware,  other  environments 


BY BRANDON BUTLER

NICIRA,  THE  software-defined  networking 
startup that VMware purchased for $1.2 billion
earlier this year, plans to release an SDN
product that runs independent of the underlying
hypervisor and hardware that will
work in VMware environments and beyond.

Nicira  co-founder  and  CTO  Martin  Casado, 
during  an  interview  at  VMware  offices  last 
week,  shared  the  firmest  details  yet  of  how 
Nicira  technology  will  fit  with  VMware’s. 

Although  he  did  not  provide  specific 
details  about  the  integration  or  its  time  frame, 
Casado  says  he  expects  the  capabilities  to  be 
released  in  mid-to-late  2013. 

SDN  portends  a  fundamental  shift  in  the 
way  data  centers  operate  that  will  be  similar  to 
the  move  to  server  virtualization  that  VMware 
ushered  in,  says  Casado,  who  is  a  developer  of 
OpenFlow,  a  programmable  network  protocol 
designed  to  manage  and  direct  traffic  among 
routers  and  switches  from  various  vendors. 

Evolution of next-generation networking
technology hadn’t kept pace
with the advances on the compute
side, until virtual networking’s
emergence in recent
years, Casado says. The ability
to abstract network controls
from the underlying hardware
gives more control and agility
to network engineers and
allows the data center to operate
at the same speed of compute
virtualization.

The key to a successful SDN
starts at the compute hypervisor,
Casado argues. “The first piece of network
intelligence is at the hypervisor level,”
he says, which he calls the “access layer to the
network.” When the hypervisor controls the
network virtualization, network applications
(like security components, quality of service
checks and isolation of networks) can be
integrated into the hypervisor, greatly simplifying
the network architecture. Enabling
this capability creates advantages such as
faster provisioning of network
resources, mobility of virtual
networks and the ability to
decouple the hardware from
networking.

Casado hopes next year to roll
out a vendor-neutral, hypervisor-neutral
and cloud management
platform-neutral SDN
controller that would integrate
with the hypervisor to enable
this capability. There will be two
versions, he says: one integrated
to work in the VMware stack of
vSphere, vCloud Director and the ESX hypervisor,
and another to work with other hypervisors
and cloud management platforms, from
Xen, KVM and OpenStack.

This new idea enables choice for customers,
Casado says, but it doesn’t “kill” legacy
networking vendors. “It’s a disruptive technology,”
he says, that has incumbents on
their heels. “But that doesn’t mean they’ll
die.”  There  has  been  much  discussion  since 
VMware  bought  Nicira  of  what  the  move 
might  mean  for  VMware  parent  company 
EMC’s  relationship  with  Cisco. 

Applications that run on a virtual network can be hardware- or software-based, Casado says. Certain customers may, for example, keep a proprietary specialized piece of network security hardware but expose other areas of the network to an SDN, he says. “Shifts [in technology] open up options for customers, they don’t eradicate systems,” he says, adding that server OEMs actually have sold more hardware after compute virtualization’s mainstream adoption.

VMware’s network virtualization strategy is similar to its approach for cloud management; both are optimized to work in VMware environments, but are compatible with platforms from other providers. In addition to purchasing Nicira, VMware earlier this year bought DynamicOps, which provides a tool for integrating systems across hypervisors. A few months after the DynamicOps purchase, VMware announced new features within vSphere allowing it to provision workloads to the Amazon Web Services cloud and other cloud platforms.

At the most recent OpenStack Summit conference in San Diego, VMware CTO Steve Herrod announced integration of OpenStack into the vSphere management console, allowing VMware customers to manage OpenStack private clouds. ■


Juniper  jumps  on  SDN  startup 

Juniper Networks last week acquired Contrail Systems, a startup that makes controllers for software-defined networks, for $176 million in cash and stock.

Contrail  was  founded  early  this  year  by  officials  from  Google,  Cisco,  Juniper 
and  Aruba.  CEO  Ankur  Singla  served  as  CTO  and  vice  president  of  engineering  at 
Aruba  Networks.  CTO  Kireeti  Kompella  had  been  CTO  and  chief  architect  of  the  Junos 
operating  system  software  at  Juniper.  Kompella  authored  several  Internet  drafts  and 
RFCs  on  MPLS,  IS-IS  routing,  Layer  2  VPNs,  OSPF  and  traffic  engineering. 

Juniper  was  a  strategic  investor  in  Contrail  earlier  this  year.  Contrail  closed  a  $10 
million  round  of  funding  in  July,  led  by  Khosla  Ventures. 

The company had been in stealth mode and expected to release its product, a distributed controller that supports both BGP and XMPP, next year.

Juniper, meanwhile, was on the hunt for an SDN controller. Earlier this year, Executive Vice President Bob Muglia said Juniper is working with other industry players on an open source-based controller for SDNs that would be an alternative to proprietary offerings from VMware and Cisco.

It  appears  it’s  found  a  controller,  if  not  the  controller. 

“We recognized the inherent advantages of Contrail Systems’ architectural approach and we are excited to take this next step to acquire and combine Contrail Systems into our team,” Muglia wrote in a blog announcing the acquisition. “We anticipate closing before the end of the year.”

A  Juniper  spokesperson  said  the  company  would  not  make  company  executives 
available  to  elaborate  on  the  purchase  or  Juniper’s  overall  SDN  strategy.  Juniper  has 
been  largely  silent  on  an  SDN  strategy  while  rivals  Cisco,  Brocade  and  Arista  have 
articulated  broad  plans. 

The  spokesperson  said  Juniper  would  divulge  its  SDN  strategy  early  next  year. 

—  Jim  Duffy 


Martin  Casado 
10 top technology stories of 2012


BY  NETWORK  WORLD  STAFF 

2012 has been a year of re-invention among the tech industry’s biggest players, with Microsoft overhauling many of its key product lines, most notably Windows, while also boldly entering the hardware market with Surface tablets. HP slashed its workforce as CEO Meg Whitman reshaped an industry icon that has gone through many shifts in recent years. The transformation to the cloud continued practically unabated (save for those pesky outages!) and suddenly every company seemed to be a software-defined something or other, or was snapping up an SDN company. Here’s a look back at the eventful year that was.
The Web rebellion: Blackout protest snuffs SOPA and PIPA

THE JAN. 18 Web “blackout” in protest against the Stop Online Piracy Act and the Protect IP Act, with some 10,000 sites participating, was a culmination of a popular movement that had been bubbling up against the bills for months. It was also the first online uprising that had a major, direct impact on the U.S. lawmaking process. Within days many lawmakers abandoned the bills. In the House of Representatives, Rep. Lamar Smith, the lead SOPA sponsor and Texas Republican, killed the bill. A vote on PIPA was delayed, and congressional support fizzled. The bills differed, but both would have allowed the U.S. Department of Justice to seek court orders requiring U.S. online advertising networks and payment processors to stop doing business with foreign websites accused of infringing U.S. copyright. Supporters of the bills say lawmakers still need tools to stop international copyright piracy, so the fight will continue.

SDN  everywhere 

WHILE SOFTWARE-DEFINED networking, OpenFlow and SDN remain far from being household words, enterprise IT pros have been hard-pressed to avoid these terms in 2012. The OpenFlow-focused Open Networking Summit sold out in April, fueled by interest in technology promising a more flexible and programmable network architecture. Startups such as Big Switch Networks, Plexxi, PLUMgrid, Cisco spin-in Insieme and Nicira all grabbed headlines, as they scored gobs of venture funding, got bought out or rolled out products. Meanwhile, established vendors such as Brocade, Cisco, Juniper, HP and Alcatel-Lucent aired their SDN plans, such as Cisco ONE.

New-look  Windows 

MICROSOFT’S HUGE year for new products included the rollout of Windows 8 for servers and clients, Windows Phone 8 for smartphones, the Surface tablet, Office 2013 and Cloud OS, to name the major ones. Microsoft hasn’t been shy about promoting the technologies either, with speculation that it shelled out

[Image: Wikipedia’s blackout page, headlined “Imagine a World Without Free Knowledge”]
$1 billion-plus to push Windows 8, even working it into the story line of a TV sitcom. While Microsoft rolled out lots of new software, CEO Steve Ballmer is now calling Microsoft a “devices and services” company. Meanwhile, the product overhauls weren’t without drama: Windows 8 chief Steve Sinofsky left Microsoft shortly after the revamped Windows debuted.
Apple on top

AFTER SMOKING little companies such as IBM, Microsoft, GE and Exxon, Apple in August became the most valuable company in history, with a market capitalization of $623.5 billion. Fueled by investor and market excitement over new iPhone, iPad and Mac products, the company’s stock price also hit an all-time high in September, when it rose to $705. All was not rosy, though, as the company’s shares dove below $600 late in the year.

HP  tosses  and  turns 

HP CEO Meg Whitman inherited some pretty big messes last year, and one painful move she made to clean things up was to announce that the company would whack 8% of its workforce via layoffs and retirement offers — about 27,000 jobs. The company, which is focusing heavily on the cloud now, expects the cuts to save it $3 billion to $3.5 billion in fiscal year 2014. Then in November Hewlett-Packard shocked investors by announcing an $8.8 billion non-cash charge in its quarterly earnings, mainly as a result of what it called serious accounting improprieties that occurred at U.K. software company Autonomy before HP acquired the firm for more than $10 billion in 2011. HP essentially laid blame on Autonomy’s former management, and that company’s founder, Mike Lynch, who denied any problems.

Flame:  Malware  for  nation-states 

IN MAY, security researchers revealed that they had discovered a highly complex, massive piece of malware that had been used for cyberespionage against targets in Iran and other countries in the Middle East and North Africa for at least two years. The espionage toolkit, dubbed Flame, shared a component with Stuxnet, the malware targeting industrial systems that had created problems for Iran’s nuclear centrifuges. In lines of code, Flame dwarfed Stuxnet, and researchers came to believe that both pieces of malware had been created by programmers coordinated by a nation-state or states, most likely the U.S. and Israel. The plot thickened in June when The New York Times broke a story that U.S. President Barack Obama had ordered the Stuxnet cyberattack to keep going, once the malware broke free on the Internet and was exposed, to do as much damage to the Iranian program as possible. The White House declined to comment, but there is little doubt that malware has come of age as a geopolitical weapon.

RIM  makeover 

TECHNICALLY RESEARCH in Motion CEO Thorsten Heins, who took over that position in January, isn’t a totally new face — he has been with the BlackBerry maker since 2007. But his successors, co-CEOs Mike Lazaridis and Jim Balsillie, had been in charge since the 1980s, through the company’s dominance of enterprise wireless and more recently during the BlackBerry’s fall from popularity in the face of growing iPhone and Android acceptance in the enterprise (one recent report pegged RIM’s U.S. share as being just 1.6%). Next up for RIM: its make-or-break BlackBerry 10 rollout at the end of January.

The  e-lection 

TECHNOLOGY ISSUES got short shrift compared to budget, taxes and other hot button topics during the presidential election, but that’s not to say tech didn’t play a big role in the results. Citizens of New Jersey, affected by Hurricane Sandy, were allowed to vote by email or fax, but technical issues stymied many of them. The process also renewed security concerns about email voting. Meanwhile, the Obama campaign blew away Mitt Romney’s camp on the social media front, measured by Facebook and Twitter followers, and the president’s campaign was also said to have tapped into social media analytics to gauge voter sentiment. Romney’s “Orca” project ran into serious glitches at key times and might have done the campaign more harm than good.

Cloud,  cloud  and  more  cloud 

AMAZON WEB Services (AWS) may be a market leader, but it has been plagued by outages, giving Rackspace, Terremark, Google, Microsoft and others a chance to make inroads. Other high-profile cloud outages brought down popular sites such as Reddit, Imgur, Airbnb and Salesforce.com’s Heroku platform. The disruptions continue to raise questions about how trustworthy the cloud is, and whether companies can really afford to put mission-critical data into it. Meanwhile, it was another busy year for OpenStack, with VMware’s addition to the open source project and the launch of an independent foundation. The software as a service (SaaS) and infrastructure as a service (IaaS) markets further matured, and increased attention went to the platform as a service (PaaS) market to provide a service for building applications in the cloud.

Wireless  wars 

THE COURT battles between mobile technology players continued to rival their fights in the market, as phone and tablet makers squabbled over patents involving UIs, Siri, headsets and everything in between. Google Executive Chairman Eric Schmidt pondered during a Wall Street Journal interview in December why Apple hadn’t sued Google yet: After all, it has taken so many Google partners, from HTC to Samsung to Motorola Mobility, to court. Apple did settle a suit with HTC, though Apple and Samsung heated up their relationship with suits and countersuits around the world. ■
The biggest and scariest security stories of 2012

From the FBI/Scotland Yard hack to Stuxnet disclosures it was a busy year for security scoundrels

BY ELLEN MESSMER

COULD THINGS really be this bad? From the embarrassing hack of a conversation between the FBI and Scotland Yard to a plethora of data breaches and other network security malfeasance, it’s been a busy year for miscreants. Here we take a look at the bigger security stories of the year.

► Source code used in older Symantec enterprise security products, Symantec Endpoint Protection 11.0 and Symantec AntiVirus 10.2, as well as older versions of pcAnywhere and Norton Internet Security, was exposed online by hackers calling themselves Lords of Dharmaraja with a leader named Yama Tough in Mumbai.

The gang claimed to obtain the code from a third-party associated with the Indian military. Symantec, acknowledging the authenticity of the source code, also said the security firm had been subject to the hackers vainly trying to extract an extortion payment of about $50,000 in exchange for not posting the stolen code. Symantec engaged in a cat-and-mouse game to catch them, with help from law enforcement — but so far without apparent success. Later in the year Symantec inadvertently crippled a large number of Windows XP machines when it shipped customers a defective update to its antivirus software. The security firm acknowledged the problem that impacted users of its Endpoint Protection software.

► The year started off with the FBI raiding the cloud file-sharing and storage Megaupload site, based in Hong Kong and founded by 38-year-old New Zealand resident Kim Dotcom, on content piracy charges to the tune of $175 million. And that action, supported by the U.S. industries which hailed it as bringing down a big fish that was devouring their intellectual property, has triggered a year’s worth of lawsuits and retributions from all even remotely involved.

It turned confrontational when outraged users of Megaupload were invited by hacktivist group Anonymous to attack law enforcement and industry websites supporting the raid by downloading do-it-yourself denial-of-service software such as Slowloris.

“There are so many countless, legitimate uses for Megaupload that the piracy element is really just one that is minute and shouldn’t even be the primary focus.”
— Kim Dotcom

► Hackers in the LulzSec group associated with the broader Anonymous movement found the tables turned when they were arrested by the FBI and European law-enforcement agencies — and it was LulzSec leader Hector Xavier Monsegur, alias “Sabu,” who turned in his friends as part of a deal to work as a stooge for the FBI after being arrested in New York City last year. By the end of March, LulzSec claimed to be “reborn” and took credit for hacking a dating website for military personnel, MilitarySingles.com, leaking more than 160,000 account details from its database.

► During a conference call the FBI was having with its agents and law-enforcement officials overseas at Scotland Yard, cybercriminals hacked their way into the phone conversation, recorded it and posted it online. The conversation was about hackers facing charges in the U.K. The group Anonymous took credit for the intercepted call. The FBI said it appeared likely the cybercriminals may have hacked into a law-enforcement official’s email to get the information for the conference call dial-in.

► Microsoft decided to temporarily stop publishing new apps for Windows Phone on Marketplace due to an issue associated with digital certificates used to sign apps that prevented some phones from installing some apps for a few days.

► Yahoo accidentally leaked the private key that was used to digitally sign its new Axis extension for Google Chrome. Axis is a new search and browsing tool from Yahoo. Security blogger Nik Cubrilovic discovered the package included the private crypto key used by Yahoo to sign the extension, noting it offered a malicious attacker the ability “to create a forged extension that Chrome will authenticate as being from Yahoo.” Yahoo was forced to release a new version of its Axis extension for Google Chrome after that.

► NASA disclosed how a stolen laptop taken Oct. 31 from a locked car contained “personally identifiable information” on a large number of NASA employees. Although password-protected, the laptop didn’t have whole-disk encryption, according to the email to NASA employees from Associate Deputy Administrator Richard Keegan, who gave orders to ramp up disk encryption at once.




ABOVE: John Bumgarner, a cyber-warfare expert who is CTO of the U.S. Cyber Consequences Unit, claims he has linked the Stuxnet computer virus that attacked Iran’s nuclear program in 2010 to Conficker, a mysterious worm that surfaced in late 2008 and infected millions of PCs.


The New York Times article asserting that the cyber-weapon Stuxnet is a creation of the U.S. with Israel, and was launched in a covert action authorized directly by President Barack Obama against an Iranian facility suspected of developing a nuclear weapon, has stirred up a firestorm of controversy in Washington about leaked information. Now that another cyber-weapon for espionage, Flame, has been discovered and linked directly with Stuxnet, there’s more concern with the United Nations’ International Telecommunication Union warning countries that Flame is dangerous, and some saying the U.S. is losing the moral high ground as its secret cyberwar efforts become known.




► Google was under the gun for most of the year. First the Federal Communications Commission fined Google $25,000, asserting the search-engine giant impeded an investigation into how Google collected data while taking photos for its Street View mapping feature. The FCC maintained in a report that Google “deliberately impeded and delayed” the investigation for months by not responding to requests for information and documents. Then Google agreed to pay a $22.5 million fine to settle U.S. government charges that it violated privacy laws when it tracked users of Apple’s Safari browser through cookies. In its legal complaint, the Federal Trade Commission (FTC) said Google falsely told Safari users that it wouldn’t place tracking cookies on their devices or serve them targeted ads. But instead, Google actively circumvented Safari’s cookie-blocking settings in order to track the users, the FTC said.

► Supply chain security problems got a lot of attention in 2012. “Backdoors, malicious software and other vulnerabilities unknown to the user could enable an adversary to use a device to accomplish a variety of harmful objectives, including the exfiltration of sensitive data and the sabotage of critical operations,” stated one government agency on the growing problem. Researchers at the Defense Advanced Research Projects Agency (DARPA) came up with the Vetting Commodity IT Software and Firmware (VET) program which will develop systems that can verify the security of commercial IT devices. More such programs could be in the future.

Printers manufactured by Samsung have a backdoor administrator account hardcoded in their firmware that could enable attackers to change their configuration, read their network information or stored credentials and access sensitive information passed to them by users, the U.S. Computer Emergency Readiness Team (US-CERT) said. ■
MICROSOFT

What it did right and wrong in 2012

BY TIM GREENE

AT  THIS  writing  Windows  8  could  be  the 
biggest  thing  Microsoft  has  done  wrong  — 
ever.  But  it  could  also  wind  up  being  one  of 
the  best  things  it  has  ever  done. 

By CEO Steve Ballmer’s own description it is one of the top three major events in the company’s history, grouped with IBM PCs adopting MS-DOS and the advent of Windows 95.

By  that  measure,  if  it’s  a  flop  it’s  huge. 

Windows  8  drives  users  crazy.  It’s 
a  two-headed  operating  system  that 
supports  the  traditional  Windows 
keyboard-and-mouse  interface  as  well  as  a 
touch-centric  UI  that  many  say  is  baffling, 
at  least  initially. 

Then  toss  in  a  separate  version  of 
Windows  8  called  Windows  RT.  It’s  a 
hardware/software  bundle  based  on 
ARM  processors  that  doesn’t  support 
traditional  Windows  x86  apps  —  only 
so-called  Windows  Store  applications  that 
rely  mainly  on  touch.  Confusion  reigns. 

So  what  was  Microsoft  thinking? 

Windows  8  is  designed  to  tap  into  the 
shift  in  demand  away  from  traditional 
desktops  and  laptops  and  toward  phones 
and  tablets. 

Core to this strategy is making a shift to mobility and creating an application environment transferable from device to device. The advantage: Massive blocks of code from an application written for Windows 8 can be readily repurposed for apps written for Windows Phone 8 — making it feasible for these apps to be available on any Windows device.

Because Windows Store apps are written primarily for touch, their navigation is similar from tablet to notebook to phone. Applications are available for phones, tablets and laptops, and if you master them on one category of device, you’ve mastered them for all.

“It will take 10 or more years before most organizations completely transition to WinRT technology, which, if successful, will represent the next 20 to 30 years of Windows,” says Gartner in its report “Windows 8 changes Windows as we know it.”

Beyond  Windows  8,  Microsoft  has 
scored  some  hits  and  some  misses  this 
year  with  new  product  acquisitions.  Here 
are  four  of  each. 


RIGHT 


Buying Yammer: Microsoft spent $1.2 billion this year to buy Yammer as a way to beef up social networking and collaboration in its SharePoint, Office, Dynamics CRM, Lync and Skype platforms.

When its integration is completed over the next few years Yammer will add tracking of conversation threads and enterprise search to these applications, aggregate news feeds, manage documents and unify user identities.

Yammer is already available with Microsoft’s Office 365 cloud offering and will gradually permeate the company’s other collaboration and productivity platforms, the company says.

With  the  purchase 
Microsoft  has  bought  the 
tools  it  needs  to  set  itself  up 
well  in  support  of  new  ways 
corporations  do  business 
using  tools  that  end  users 
have  become  familiar  with 
via  their  use  of  consumer 
social  networks. 

Windows Server 2012: Microsoft’s latest version of Windows Server is to be applauded for how it simplifies many areas of virtualization, which leads Network World reviewer Tom Henderson to write, “What the Windows 2012 Server editions provide is a compelling reason to stick with Windows infrastructure, as many of the advances represent integration of management components that have no competitive parallels.”

The software streamlines live migration of virtual machines for reasons of preventing performance of one instance degrading because it is overwhelmed by demand. Windows Server 2012 removes the need for designating failover clustering ahead of time and a separate SAN to share storage among instances that were required in Windows Server 2008.

Windows Server 2012 also offers replication of virtual machines asynchronously. Called Hyper-V Replica, the feature is ideal for replicating VMs from site to site over limited WAN links.

A new feature called Storage Spaces treats hundreds of disks as a single logical storage reservoir and ensures resiliency by backing up data on at least two physical disks. The feature sets aside a designated storage area — called a space — for a defined category of data within the entire available disk capacity — called a pool.


Yammer CEO David Sacks (L) and Microsoft CEO Steve Ballmer shake hands in San Francisco, June 25, after announcing Microsoft will acquire Yammer for $1.2 billion in cash.


Storage Spaces can allocate a space that is larger than the actual available physical capacity of the pool that the space is carved out of via thin provisioning. This keeps data from overflowing the space by freeing up capacity whenever files are deleted or an application decides that such capacity is no longer needed.

Windows  Server  2012  also 
enables  managing  servers  in  groups 
and  includes  an  automated  tool  to 
periodically  check  for  proper  server 
configuration. 

System Center 2012: This management suite offers new tools to better handle closely related cloud environments and virtual data centers, and has expanded the products it can manage to include some of the virtual environments of rivals Citrix and VMware.

The platform includes broad support for managing smartphones based on Microsoft’s phone OS, but also those from Apple and from a range of vendors that base their phones on Android.

The Virtual Machine Manager, Orchestration Manager and Operations Manager can combine to make management of virtual environments simpler. For instance, the management suite streamlines configuring virtual machines to pick up the function of others when they go down so help desk workers can perform the task without escalating.

In  a  practical  sense,  System  Center 
can  give  developers  the  capability  to 
create  and  tear  down  virtual  machines 
for  their  test  environments  within 
parameters  set  by  network  executives. 

One  downside  is  that  upgrading  to 
System  Center  2012  requires  a  lot  of 
network  prep  as  well  as  education  to 
learn  what  other  Microsoft  products 
are  required  in  order  for  the  various 
modules  to  work. 

Targeting botnets: Microsoft did itself proud this year disrupting the Nitol botnet with a combination of technical and legal innovation, as well as seizing servers belonging to the worst instances of the Zeus botnet.

These efforts represent the fourth and fifth times Microsoft has intervened to shut down or at least temporarily cripple criminal malware enterprises.

The company’s Digital Crimes Unit (DCU) started its aggressive action in 2010 and continued steadily since then. While its work won’t halt online abuses, its proven commitment to causing periodic significant damage to them does make criminal activity more difficult, and that steady opposition helps raise the bar for criminals hoping to enter the game.

The  effort  sends  a  message  to 
other  criminals  that  Microsoft  might 
strike  them  at  any  time,  says  Richard 
Boscovich,  assistant  general  counsel 
for  the  DCU. 


WRONG 

Euro  browser  flap:  Microsoft  failed  to 
live  up  to  an  agreement  that  it  would 
display  a  Windows  screen  giving  users 
the  option  to  pick  Internet  Explorer  or 
some  other  browsers. 

While Microsoft says the problem was caused by a technical glitch and has worked to correct it, it’s still facing down a possible $7 billion fine from European Union regulators. While Microsoft would likely survive the hefty penalty, it’s really a case of the company shooting itself in the foot. It is also damaging its reputation in not only Europe where customers were directly affected, but worldwide where end users heard about the case and adjusted their opinion of the company accordingly.

Windows Phone: The launch of Windows Phone 8 this fall revealed an operating system that met with generally good reviews and a phone — Nokia’s Lumia 920 — that shows it off to good advantage.

The problem here is that it comes so late after the iPhone and Android phones have dominated the market. The company must now dedicate itself to a long-term effort to scratch its way up from 2.6% of the market, according to IDC estimates, to something more significant.

IDC  thinks  Microsoft  will  succeed 
in  that  goal  by  claiming  11.4%  of  the 
market  in  2016  --  a  terrific  boost.  But 
the  company  leaves  a  lot  of  smartphone 
money  on  the  table  by  coming  out  so 
late  with  a  compelling  product. 

Windows Phone 8 itself may pan out to be a winner, but the overall handling of Windows Phone to date racks up as a loss. And with Microsoft’s desire to link all its mobile platforms, a slow start for Windows Phone hobbles that larger effort.

Licensing hikes: Microsoft boosted by 15% the fees it charges for licenses that allow users to access servers, squeezing more money out of customers while still giving them a better deal than the alternative.

This  is  likely  good  for  Microsoft 
because  it  means  more  revenues,  but 
it’s  just  another  reason  for  business 
customers  to  carp  about  being  gouged 
for  software. 

Corporate employees are moving toward use of multiple devices in the workplace, making licenses based on numbers of users attractive rather than licenses based on individual devices. Even with the price hike, many customers will wind up paying less for user client access licenses than for device CALs. But that won’t eradicate the bad taste from their mouths.

Fanned Flame: The complex Flame espionage malware that infected Iranian government computers earlier this year was in part enabled by a Microsoft security snafu.

A key element of Flame called for exploiting weaknesses of the MD5 hashing algorithm. Microsoft had urged in 2008 that network administrators and certificate authorities stop using the hash because researchers had discovered how to exploit it. ■
Cisco’s 2012

From software-defined networking challenges to killing Cius and corporate restructuring moves, it was a busy year for Cisco.


BY  JIM  DUFFY 


January 

IN  JUST  over  two  years  since  Cisco 
started  shipping  its  Unified  Computing 
System  (UCS),  the  company  announces 
that  it  has  landed  more  than  10,000 
customers  for  the  server  platform.  UCS 
began  shipping  in  July  2009  and  it  is 
now  on  an  annualized  order  run  rate  of 
over  $1  billion,  Cisco  says.  Cisco  is  No.  4 
in  the  overall  server  market  after  three 
years  in  the  business,  No.  2  in  x86  blade 
servers  in  the  U.S.  and  No.  3  worldwide, 
according  to  CEO  John  Chambers. 

March 

CISCO MAKES its most strategic acquisition in years when it buys video software titan NDS for $5 billion. The acquisition is in keeping with Cisco’s strategy to drive video into as many markets as it can in order to create demand for its routers and switches. But the NDS deal is more than that. Cisco has made no bones about the fact that it is looking to deepen its software and services expertise in order to drive more revenue streams for the company and grow in areas aligned with its router and switch hardware focus. Software is 80% of NDS’ revenue and the remainder comes from integration services.

April 

CISCO CONFIRMS previous reports that it is funding Insieme Networks, a potential spin-in startup developing products to help stock Cisco’s nascent programmable networking lineup. Cisco invests $100 million in Insieme, which is led by three Cisco engineers: Mario Mazzola, Luca Cafiero and Prem Jain. The three led two other Cisco spin-in startups — Andiamo Systems, which made storage-area network switches, and Nuova Systems, which developed Cisco’s Nexus 5000 series data center switches. Cisco says it has the option to buy Insieme for $750 million to $850 million, and the company is believed to be developing 100G programmable switches with a significant storage component, and a controller.


May 


CISCO KILLS its Cius business tablet less than a year after it started shipping, citing an inability to compete with workers using their own personal devices for business — such as Apple’s iPad — and the cloud.

Indeed, Cisco’s own internal BYOD practices helped doom Cius. The company instead will focus on software offerings like its Jabber and WebEx products for more popular tablets and smartphones supporting a variety of operating systems. And Cisco’s strategy for doing so will be led by its third collaboration head in less than a year, after Cisco’s collaboration business has been hampered by execution issues and declining sales. The business was flat in Cisco’s 2012 third quarter with TelePresence hit by decreased spending in public sector and enterprise. In the fourth quarter, collaboration saw an 8% decline, which was repeated in the first quarter of fiscal 2013.


June 

CISCO ENDS the suspense surrounding its software-defined networking strategy by unveiling the Cisco Open Networking Environment (ONE), a set of APIs to enable its routers and switches to be programmable through software. Cisco ONE is designed to make Cisco products flexible and customizable to meet the needs of cloud, mobility, social networking and video. In addition to APIs, it includes agents and controllers, and overlay network technologies designed to make each layer of a network — from the transport layer up through the management and orchestration layers — programmable in order to make it adaptable and extensible to changing needs. This differs, Cisco says, from more commonplace approaches to SDNs in which the control plane is decoupled from the forwarding plane and OpenFlow is used as an API, agent and protocol to command switches from an external controller.

CISCO ANGERS customers when it upgrades firmware, without request or permission, on Linksys routers that pushes users toward a cloud-based administration service they don’t want. What’s more, Cisco’s privacy policy for the cloud-based administration states that it may keep track of certain information related to how customers use the service, such as how much traffic is going through the router every hour and information on the Internet history from the home network. The policy states that Cisco may share aggregated or anonymous user experience information with service providers, contractors or other third parties. After a prolonged outcry from users, Cisco admits the exercise was a mistake.

July 

CISCO CUTS 1,300 jobs, or 2% of its workforce, in a “limited restructuring” to realign resources and streamline its organizational structure. The reductions are said to hit Wide Area Application Services (WAAS) sales and engineering, as well as public sector operations and Advanced Services. The cuts are followed by the resignations, in the same week, of Paul Mountford, head of Cisco’s global enterprise sales, and Amanda Jobbins, vice president of global partner marketing. They both are from the U.K. and both held their most recent positions at Cisco for less than two years.

CRACKS START to appear in the 3-year-old VCE data center coalition between Cisco, EMC and VMware. VMware buys network virtualization startup Nicira for $1.26 billion, ushering VMware into software-defined networking for the data center, and increasing competition and straining relations with longtime partner Cisco. The acquisition comes a mere five weeks after Cisco rolled out its own Cisco ONE programmability strategy. Reports surface that VMware even outbid Cisco for Nicira. And later, EMC would line up Lenovo as a server partner, putting additional pressure on Cisco as a server partner in the VCE coalition.




September 


CISCO KILLS its Application Control Engine (ACE) application acceleration product after years of beat down from competitors F5 and Citrix, and loss of more than half of its market share since 2008. Several competitors offer trade-in programs to entice ACE customers, and Cisco ultimately announces a reference sale agreement with Citrix to fill the ACE-in-the-hole with Citrix NetScaler for cloud-based application performance requirements.

CISCO CEO John Chambers hints at retirement and possible successors. Chambers suggests his time might be up in two to four years, and that 10 possible successors from within the company could replace him, including Rob Lloyd, executive vice president of worldwide operations; Chuck Robbins, senior vice president of the Americas; Edzard Overbeek, senior vice president of global services; and COO Gary Moore, who would assume leadership of Cisco if Chambers gets “hit by a bus.” Later, Moore and Lloyd are named co-presidents of the company, perhaps an indication of the succession order.

October 

CISCO CUTS ties with Chinese partner ZTE, after an internal investigation indicates ZTE sold Cisco equipment in Iran despite U.S. sanctions forbidding such sales. The move coincides with a U.S. Congressional report encouraging American companies to cease doing business with Chinese telecom vendors such as ZTE and Huawei due to national security concerns. The moves ignite a war of words between Huawei and Cisco, leading to speculation of an impending trade war between Cisco and other U.S. technology companies, and China.

CISCO CUSTOMER California State University accepts a $22 million bid from Alcatel-Lucent to refresh its systemwide network after Cisco’s proposal overshoots that by $100 million. The contract covers all 23 CSU campuses, but San Jose State decides to go with Cisco anyway, handing the company $28 million for its “Next Generation Technology Project” without a competitive bid. The situation raises questions on San Jose State’s motivation and the inner workings of the deal, considering the challenging financial situation facing the state of California and that SJSU is spending more for its own network than CSU is spending to upgrade the entire university system.

December 

CISCO CEO John Chambers discloses — again — that Cisco intends on becoming more of a software and services company. The company plans to double its revenues from software over the next five years from $6 billion to $12 billion. At the same time, Cisco also discloses — again — that it’s intent on becoming the No. 1 IT vendor in the industry. Both pronouncements are made at the company’s Financial Analyst Conference in New York on Dec. 7. The new news from the conference is the unveiling of a new global ad campaign, pushing Cisco’s “Internet of Everything” theme. ■
Gigabit cell phone standard nears completion

The world’s top handset makers are meeting this week to finalize a version of an advanced mobile communication standard that would raise data transfer speeds to 1Gbps, an event organizer said on Monday.
Disaster recovery trial by fire... literally

On a Sunday morning last year, John Brooks received news no one wants to hear. There'd been an electrical fire in the basement of a New York City office tower - where his law firm has an office.
TOOLS

Poor timepiece, great calculations

Well folks, Christmas is once more upon us and I just received a present ... from myself. Some months ago I saw a project on Kickstarter that I thought was kind of cool so I backed it: the Cookoo watch from ConnecteDevice.


Conceived of as an extension of your iPhone or iPad, the Cookoo watch is intended as a notification service for incoming and missed calls, calendar alerts and Facebook events, and it will also warn you when your iDevice’s battery is low or the device is physically out of range.

The Cookoo features a “command” button that you can associate with various functions. A short, medium or long press of the button, for example, can represent a Facebook check-in or a geolocation tag, or trigger your iDevice to take a picture.

The Cookoo watch uses Bluetooth 4.0 Smart, a low-energy Bluetooth connection that doesn’t overly tax the battery. But this makes the watch compatible with only the iPhone 4S, iPhone 5, and third- and fourth-generation iPads.


Now,  there’s  one  big  reason  why  this 
product  is,  in  reality,  a  tough  sell:  Who 
wears  watches  any  more?  Ah,  you  might 
say,  doesn’t  the  extra  functionality  make  it 
useful  and  worth  wearing?  Alas,  it  turns 
out  that  it  doesn’t. 

To check in to Facebook or drop a location pin on a map, I don’t need to wear a watch, I can pretty swiftly pull my phone out of my pocket. As for notifying me of incoming calls and status events, the Cookoo watch needs to be louder (its alert sound is a miserable “cheep” that would embarrass any self-respecting cricket), and its vibration alert is so weak it’s absorbed by the functional but clunky rubber wrist band.

Mark Gibbs' Gearhead

The look of the Cookoo watch isn’t too bad (it’s sleek and well-proportioned, albeit thicker than I’d like), but the black on black watch with blue accents I received is readable in only bright light while the backlight is an anemic glow that is only useful when there’s hardly any light at all.

In short, I am very disappointed. While I’m impressed that the company managed to get a somewhat ambitious product to market, it’s not what I hoped it would be. What I hoped was going to be kind of cool and useful turns out to be kind of lame and not really useful at all. For $129 the Cookoo watch gets a Gearhead rating of 1 out of 5 and I’d like my money back (alas, refunds aren’t available to Kickstarter backers).

Enough of being the Grinch! Let me give you a present that’s incredibly geeky: Wolfram Mathematica 9.

Mathematica has always been an extraordinary product, but this version adds an incredible list of enhancements, including 3D volumetric imaging, image processing (including face detection, feature tracking and image classification), and full client-side Web access for data exchange via Web APIs and asynchronous connections for AJAX-style programming.

Most  intriguingly,  M9  includes  Social 
Network  Analysis!  This  feature  allows  you 
to  import  data  from  Facebook  and  Twitter 
and,  through  high-level  functions,  detect 
communities,  cohesive  groups  (including 
cliques,  clans,  clubs  and  plexes),  centrality 
and  prestige,  among  other  slicing  and  dicing 
of  social  media  data. 

Mathematica 9 is a staggeringly huge product that I’m just beginning to get into. Priced starting at $295 for the Home version and $2,495 for the Standard version, there’s nothing like it and so, Merry Christmas Wolfram! Mathematica gets a Gearhead rating of 5 out of 5! ■

Gibbs is bracing himself for holiday cheer in Ventura, Calif. Send your season’s greetings to gearhead@gibbs.com and follow him on Twitter and App.net (@quistuipater) and on Facebook (quistuipater).


GADGETS 


The  Coolest  Tools 
of  2012 


Keith  Shaw’s 
Cool  Tools 


WITH  THE  LAST  column  of  the  year,  instead  of  doing  some  additional  reviews  I  wanted 
to  present  a  list  of  my  favorite  devices/gadgets  that  I  tried  during  the  year.  If  you  still  haven’t 
completed  your  holiday  shopping  yet,  there’s  still  some  time  left  to  try  and  grab  one  of  these. 


► Brinno TLC200 time-lapse camera ($200): If you have a great idea for a time-lapse or stop-motion video, you really need to pick up this camera, which quickly and easily lets you record video at set time intervals (a frame every second or three, or maybe a minute or longer) to create a time-lapse video. You can then quickly import the file into other videos or upload to YouTube on your own. An optional stop-motion shutter lets you create videos like Lego animation or claymation-type videos, if you have the time and patience.


► Amazon Kindle Fire HD ($199): For the longest time I’ve been clearly in the Apple iPad camp — many other tablets came and went, but the iPad always held strong in my heart (and the hearts of my kids). But the Kindle Fire HD was able to squeeze some additional space in there, and it also changed my opinion on e-readers (I now enjoy reading books with a smaller, 7-inch tablet rather than a larger, 10-inch version). The UI of the Kindle Fire HD, which focuses on a user’s content rather than apps, makes it easier to quickly access that content than the app-based iPad.


► PowerCup 200 Watt Inverter ($35): I’m still in love with this device, which keeps my iPhone powered up and connected while I’m driving to and from work. Shaped like a cup of coffee, this gadget sits in your car’s cup holder and lets you power up a USB-enabled device (if you have the cable) and also can power other devices (like your computer) via a regular power outlet. As long as you don’t mind giving up a cup holder space, this gadget is a must-own for anyone with long commutes or people who work out of their cars.


► Verizon Jetpack ($50, with two-year agreement and online discounts): Getting reliable and fast Internet speeds while traveling is still a pain in the you-know-what. Unless you have one of these units, which can quickly access Verizon’s 4G LTE wireless network, providing for excellent download and upload speeds (for content creators, upload speeds are more important than content consumers). The easy-to-use nature of the device makes it a must-own for mobile workers.

► Samsung Galaxy S III smartphone ($200): I still own an Apple iPhone 4, but the performance, design and style of the Galaxy S III is seriously tempting me to switch to Android for my next smartphone. My wife now owns an S III and I haven’t heard her say a single bad thing about it, unlike several other smartphones and cellphones that came before.

With the Consumer Electronics Show starting in a few short weeks, we’re already focused on what the Coolest Tools of 2013 will be. Have a great holiday season everyone, and hopefully the world won’t end on Dec. 21 because of those crazy Mayans! ■

Shaw can be reached at kshaw@nww.com.
SINGLE SIGN-ON

Single  sign-on  moves  to  the  cloud 

Okta,  OneLogin  score  high  in  test  of  8  SSO  solutions  that  beef  up  app  security 


BY  DAVID  STROM 

individual  passwords  is  a  major  problem  for 
enterprise  security.  Many  end  users  cope  by 
reusing  their  passwords,  which  exposes  all 
sorts  of  security  holes. 

One solution is a single sign-on (SSO) tool to automate the logins of enterprise applications and also beef up password complexity, without taxing end users to try to remember dozens of different logins.

SSO isn't new; we have had various products for more than a decade. What is new is that several products now combine cloud-based SaaS logins with local desktop Windows logins, and add improved two-factor authentication and smoother federated identity integration.

Also helping is a wider adoption of the open standard Security Assertion Markup Language (SAML), which allows for automated sign-ons via exchanging XML information between websites.

The SSO market includes more than a dozen products, offered by companies ranging from boutique shops to large software vendors. We tested eight products: SecureAuth, OneLogin, Okta, Symplified, Intel’s McAfee Cloud Identity Manager, Numina Application Framework, SmartSignin and Radiant Logic’s RadiantOne. Several other SSO vendors were contacted but decided not to participate, including IBM, CA Technologies, Oracle and Ping Identity.

The products all work in a similar fashion. First, they connect to one or more directory services, such as Active Directory, or an identity provider with an existing collection of users, such as Google Apps. They grab the user lists from these sources and then apply various rules in terms of what applications each user can access and whether they make use of advanced passwords, such as multifactor or one-time tokens to log in to each app.

Users  typically  sign  in  to  a  Web-based 
portal,  or  the  products  grab  their  Windows 
desktop  login  credentials  and  use  that  as  the 
basis  for  the  authentication  of  the  SSO  app 
portfolio.  This  means  that  users  don’t  have 
to  remember  or  even  in  some  cases  need  to 
know  what  their  Google  or  Box  passwords 
are  to  gain  access  to  these  apps. 


It sounds simple, but there is a great deal of behind-the-scenes software magic to make all the logins operate seamlessly and to connect the dots among the different pieces. And all of the user data “grabbing” should happen over encrypted connections to prevent man-in-the-middle and other attacks.

Trials  and  pricing 

Most of the vendors we tested offer free trial accounts with certain limitations beyond the two weeks’ time frame, so you can get a feel for how they operate. And vendors are very willing to work with your own collection of apps to ensure that their products cover the ones you want to automate the sign-ons for. Some offer enticements such as unlimited number of users for a single app to deploy across your organization and get your end users used to the SSO apparatus, and then they start charging when you add new apps to the portal.

Vendors have somewhat different plans for their products. Some charge per user per month, others have more standard per-server site licensing fees. Some include live support for at least the regular workday, others only have online support and charge extra for live help past normal working hours. Some have different levels of pricing plans that cover a limited number of directory linkages, apps or policy roles, and charge extra when you exceed these limits. Almost every vendor had incomplete pricing information published on their website, although SmartSignin’s pricing page was superior. SecureAuth has the most complex pricing scheme.

| Product | On-premise or cloud (1) | Identity providers | Application connectors | Pricing |
| --- | --- | --- | --- | --- |
| McAfee Cloud Identity Manager | Both | Cloud: Active Directory (AD) in beta; more for on-premise version | 120+ | $1-$5/user/month |
| Numina Application Framework | On-premise | LDAP, OpenID, Google | 100+ | $25,000/server |
| Okta | Cloud | AD, Google, Salesforce, others | 1,000+ | $1-$10/user/month |
| OneLogin | Cloud | AD, Google, OpenLDAP, Workday | 1,500+ | $1-$7/user/month |
| Radiant Logic | On-premise | AD, OpenAM, Azure, SecurID | <10 | $25,000/server |
| SecureAuth | On-premise | AD, Lotus Notes, OpenLDAP, Novell eDirectory | 1,500+ | $1.60/user/month, plus server fees |
| SmartSignin | Both | AD, Google, Salesforce | 50+ | $4-$9/user/month |
| Symplified | Both | AD, Google, LDAP, Salesforce, others | 200+ | $3/user/month, plus startup fees |

(1) McAfee, Symplified and SmartSignin have two separate product offerings.

All this makes comparing and calculating the cost of a total SSO rollout difficult. Also know that these products aren’t cheap: Plan on spending multiple tens of thousands of dollars annually for them, even for a relatively small installation. We have put together our best guess at what it would cost for a 500-seat installation for the first and subsequent years; some vendors’ fees drop significantly in the outlying years. The reason we call it a guess is that, given the way prices aren’t published online, it is clear that vendors often give discounts to get your business.

Cloud  and  on-premise  winners 

Two vendors rose to the top in our testing: Okta and OneLogin. Both were flexible, had great app and browser support, and handled sign-ons for the widest variety of situations. These are mostly cloud-based products. The two best on-premise products were SecureAuth and McAfee.

Numina and SmartSignin are both from very small companies that are trying to break into the SSO space, and generally speaking need more work and polish. But Numina has superior reports and the nicest SAML settings sheets of any of the products, making it easier to set up websites that support that protocol. And SmartSignin has the most serious approach to keeping user data private of the products tested.

RadiantOne has very limited app support and its documentation could be better. On the other hand, RadiantOne and Symplified have impressive identity architectures that can handle a wide variety of situations, useful in cases where companies want to merge and still keep separate Active Directory forests, for example.

The subtleties with these SSO products can be daunting. For example, McAfee’s SSO product supports Adobe’s EchoSign document signing service, but accounts must have their own subdomains for the SAML magic to work properly. The same is true for Box and Verisign’s VIP token service for Okta: You need the full enterprise account with subdomains enabled. So if you are trying to support users who already have their own individual accounts on these services, you might run up against problems.

Logins can be further protected with multiple-factor tools. These take the form of various hardware or software-based tokens. OneLogin and Okta have the widest multifactor authentication support, including their own iPhone soft token apps, RSA’s SecurID, SMS text messages, Vasco tokens, Yubico YubiKey and browser certificates. This is important because by using one of these tokens, you strengthen all of your associated logins through the SSO process, without having to constantly find a different multifactor token for each individual login circumstance.

However,  each  product  employs  multifactor 
tokens  somewhat  differently.  Okta,  Radiant 
Logic  and  OneLogin  use  it  to  protect  the  entire 
user’s  account  while  McAfee,  Symplified  and 
SecureAuth  can  protect  individual  apps. 

Speaking of multifactor tokens, there are additional issues. One of our test accounts was with PayPal using its supplied SecurID token. In order for any of the SSO products to log in automatically to our account, we would first have to remove this token requirement. Some of the other SaaS services that use multifactor authentication, such as Google Apps and Facebook, might also need similar treatment to work with some of the SSO services.

Another thing to look at is how each product recovers from mistakes that you make in specifying the various login parameters. Given the amount of information that each product requires to enable SSO, it is easy to make small mistakes that can take time to find and correct. You will need to iterate back through the login process of the SSO in your own testing, to ensure that actual users can access their apps, and then make changes with the configuration screens in the management interfaces. Some, such as Okta, are particularly a problem here. This means if you test any of these SSO products on your live network, be careful. If you have set up your Active Directory failed login policy to lock out users after a small number of attempts, you might run into trouble while you are testing these products.

McAfee  Cloud  Identity  Manager 

Intel  has  rebranded  its  Cloud  SSO  offerings 
as  part  of  its  McAfee  division,  and  it  sells  two 
versions:  one  cloud-based,  which  is  newer 
and  has  fewer  features,  and  one  that  installs 
on-premise. 

The cloud version has fewer application
connectors; for example, it doesn’t
support Office 365 yet. And the cloud
version’s Active Directory integration is in beta
at the moment. The cloud offering is based
on the Force.com platform and there are no
browser plug-ins needed.

The older on-premise version from McAfee
has probably one of the largest collections of
identity providers of any product we’ve seen,
including AD, LDAP, Google, OpenID,
Salesforce and various SQL databases.

One  of  the  interesting  things  is  how  flexible 
and  complex  the  product  can  be:  You  can  set 
up  separate  policies  for  particular  apps  that 
connect  to  particular  identity  providers,  and 
add  two-factor  authentication  for  just  specific 
apps.  If  you  are  in  need  of  its  sophisticated 
policies,  you  probably  want  to  only  look  at  the 
on-premises  version  because  it  can  do  a  lot 
more  than  what  is  offered  in  the  cloud  product. 

As  an  example,  you  can  restrict  logins  per 
app  by  IP  address  range,  to  specific  mobile 
devices,  and  by  day  of  the  week  and  time  of 
day.  All  of  these  settings  are  collected  into  one 
place  for  easy  configuration. 
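
To make the per-app restrictions described above concrete, here is an added example (not McAfee's code or configuration schema) that evaluates one login against an app's IP range, device, weekday, time-of-day and two-factor rules. The `AppPolicy` structure, the two policies and all addresses and device names are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, time
from ipaddress import ip_address, ip_network


@dataclass
class AppPolicy:
    """Login restrictions for one app (illustrative schema, not McAfee's)."""
    networks: list                    # allowed source ranges, CIDR strings
    days: set                         # allowed weekdays, 0 = Monday .. 6 = Sunday
    start: time                       # window opens (inclusive)
    end: time                         # window closes (exclusive)
    devices: set = field(default_factory=set)   # empty set = any device
    second_factor: bool = False       # two-factor required for this app only


def shift_day_and_open(policy, when):
    """Return (weekday the login counts against, whether the window is open).

    A window such as 22:00-06:00 crosses midnight. A login at 02:00 belongs
    to the shift that started the previous evening, so it is checked against
    the previous weekday rather than the calendar day.
    """
    now = when.time()
    if policy.start <= policy.end:
        return when.weekday(), policy.start <= now < policy.end
    if now >= policy.start:
        return when.weekday(), True
    if now < policy.end:
        return (when.weekday() - 1) % 7, True
    return when.weekday(), False


def evaluate(policy, source_ip, device_id, when, second_factor_passed):
    """Return (allowed, reasons); every failed condition is reported."""
    reasons = []
    addr = ip_address(source_ip)
    if not any(addr in ip_network(net) for net in policy.networks):
        reasons.append("ip")
    if policy.devices and device_id not in policy.devices:
        reasons.append("device")
    day, window_open = shift_day_and_open(policy, when)
    if day not in policy.days:
        reasons.append("day")
    if not window_open:
        reasons.append("time")
    if policy.second_factor and not second_factor_passed:
        reasons.append("second_factor")
    return (not reasons, reasons)


# Constructed policies for two hypothetical apps.
PAYROLL = AppPolicy(networks=["10.20.0.0/16"], days={0, 1, 2, 3, 4},
                    start=time(8, 0), end=time(18, 0),
                    devices={"tablet-0042"}, second_factor=True)
NIGHT_OPS = AppPolicy(networks=["10.20.0.0/16", "192.0.2.0/24"], days={4},
                      start=time(22, 0), end=time(6, 0))

if __name__ == "__main__":
    # Constructed login attempts: (policy, source IP, device, time, 2FA passed)
    attempts = [
        (PAYROLL, "10.20.5.9", "tablet-0042", datetime(2012, 12, 17, 9, 30), True),
        (PAYROLL, "203.0.113.7", "laptop-7", datetime(2012, 12, 22, 19, 0), False),
        (NIGHT_OPS, "192.0.2.10", "any", datetime(2012, 12, 22, 2, 0), False),
        (NIGHT_OPS, "192.0.2.10", "any", datetime(2012, 12, 21, 2, 0), False),
    ]
    for attempt in attempts:
        print(attempt[1], attempt[3].isoformat(), evaluate(*attempt))
```

Reporting every failed condition, rather than stopping at the first, is what makes a denied login quick to diagnose when several restrictions are stacked on one app.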

Both McAfee products allow for just-in-time
user provisioning, provided you have set
things up correctly and exchanged the necessary
digital certificates between McAfee and
the intended SaaS app.

The online cloud documentation is rather
sparse but the printed manuals go into more
detail on how to set up both Google and
Salesforce accounts on their service.

For  both  products,  McAfee  has  one  of  the 
simplest  pricing  models  around,  albeit  one 
that  isn’t  published  on  its  website.  Everything 
is  included  in  the  per-user  subscription  fee, 
which  starts  at  $5  per  user  per  month  and 
drops  to  $1  in  quantity  and  over  multiple  years. 

And  by  everything  we  mean  live  24/7 
support,  as  many  application  connectors 
or  identity  providers  as  you  desire,  and 
unlimited  roles  and  policies.  So  pricing  for 
500  users  would  be  $18,000  for  one  year.  A 
three-year  contract  would  drop  the  cost  to 
$13,300  per  year. 

Numina  Application  Framework 

Numina has the smallest feature set of the
products we tested. It is more of a developer’s
toolkit than a fully complete product. It
comes with both on-premise pieces — mainly
a Web service that runs on an IIS server —
and a cloud piece. Unlike most of the other
products in this review, it doesn’t offer two-way
synchronization with Active Directory
or LDAP directories; it can only update its
own user accounts. It also supports OpenID
authentication methods.

Setting up an app that supports SAML,
such as Google Apps, is very straightforward
and the information to share with the
corresponding fields on Google’s Web form is
clearly displayed.

One  limitation  with  SAML  is  that  the  user 
ID  that  Numina  uses  must  match  the  ID  that 
the  app  provider  requires.  This  could  be  a  big 
issue  if  you  are  going  to  use  it  to  log  in  to  a  lot 
of  different  SAML  apps.  The  other  products 
allow  for  more  flexible  configuration. 

Numina supports a single multifactor
authentication method — SMS text message —
although there are plans for more. However,
it excels in the number of reporting choices,
something the far more feature-rich products
should take a closer look at.

Numina  has  a  very  simple  pricing  scheme, 
based  on  a  single  server  license,  so  our  sample 
500  seats  would  cost  $25,000  for  the  first  year 
and  a  $5,000  maintenance  fee  for  subsequent 
years. 

Okta 

Okta has been in the identity management
business a long time, and it shows. It has
mostly a cloud-based service with several
pieces that are installed on your network,
including browser plug-ins. There are clear
workflow diagrams showing what you need
to finish your tasks, and separate tabs for setting
up apps and users and running reports.
This is one of the best features of the product.

Okta has the ability to support two Active
Directory connectors to the same directory
store for redundancy. When you set these up
they are read-only, but you can quickly turn
on two-way synchronization. The Active
Directory connector has its own user interface
and monitoring application, and can be
run from any Windows server. There is also a
separate piece of software to handle the desktop
Windows login integration that needs to
be installed on an IIS server.

The product also has wide multifactor
authentication support, including its own
mobile soft tokens, a security question and
Google Authenticator. You can enforce the
multiple factors when users are outside the
corporate network, or for specific groups, but
not for specific applications. And you can
ask for the multiple factors on a specific time
schedule (say once a day) too.

Okta  has  a  rare  feature  called  Just  in  Time 
provisioning.  This  means  you  can  import  all 
your  Active  Directory  accounts  and  set  things 
up  so  that  when  users  are  ready  to  start  using 
their  SSO  solution,  it  will  try  to  authenticate 
them  with  their  Active  Directory  logins  and 
create  their  accounts  on  the  fly.  This  can  be 
useful  if  you  are  turning  on  SSO  for  a  large 
population  all  at  once. 

Okta has excellent documentation, with
plenty of screencast videos showing you how
to set things up. It has a catalog of more than
1,000 apps that have been pre-configured.
There is also a table showing browser support
that can be reached from the help screens
inside the Okta app itself, a nice touch.

Reports  show  you  the  last  month’s  worth  of 
app  usage  and  suspicious  activities,  and  how 
many  users  have  never  signed  into  the  system. 

The Okta dashboard gives a range of application
reports that can show unused apps for
particular users. It also has a nice task list
showing what you still need to do on the
service, alerts to any apps that weren’t set up
properly, and other items.

Okta’s biggest downfall is how poorly it can
recover from errors in the configuration process.
Once you select an app you can’t actually
delete it, just deactivate it. If you haven’t set it
up properly this can give you fits. Okta claims
this is a feature, to aid with its logging
capabilities. We disagree.

Okta has several pricing plans, starting at
$1 per user per month for basic SSO and moving
up to $10 per user per month for
enterprise-level features such as user provisioning
and more detailed reports. Pricing for 500
users would be $60,000 for the first and
subsequent years. Live 12/5 support is included,
and there are three additional support plans
if you want to go to 24/7 support.

OneLogin 

OneLogin is a cloud-based service with several
on-premise pieces including browser
extensions, a special IIS-based authentication
script that is used for Windows logins, and
an Active Directory connector for Windows
servers to establish the two-way directory
synchronization.

It has one of the largest app catalogs,
supporting more than 2,600 apps, and also has
the ability to be easily customized for
forms-based secure Web authentication by creating
custom app connectors. That is a nice touch,
because with some of its competitors, you
either can’t create new app connectors or else
you have to wait for the vendor to create them
and add to the product.

One unique feature to OneLogin is a new
addition called Federated Cloud Search. This
makes it easier to find particular content
across your entire apps portfolio without
having to index each specific site. If you have
ever tried to look for a document in one of
your SaaS-based providers, you will understand
how effective this feature can be. Not all
of OneLogin’s apps support this feature yet.
Like some of its competitors, it also supports
just-in-time app provisioning.

Another feature is the ability for an SSO
administrator to log in as a particular end
user to do troubleshooting, called “assumed
sign-in.” You have to enable this individually
by application, though. You don’t need to
know the end user’s credentials but you can
test out the access to a particular app.

The  directory  synchronization  is  very  easy 
to  set  up,  and  OneLogin  supports  Active 
Directory,  OpenLDAP,  Google  Apps  and 
Workday.  You  can  set  up  rules  to  map  users  to 
particular  roles  and  groups. 

Its documentation is awesome with loads of
help files on a Zendesk server that has copious
screen shots and illustrations on how to set
up various services. There’s a large selection
of reports including all provisioning activities,
various ones on user status (suspended,
active or whatnot), and a nice report on weak
passwords. You can customize each report
and download each as a CSV. There are also
custom notification rules, so you can email
users when they have been locked out of
OneLogin, for example.

A wide variety of multifactor authentication
methods is supported, including
YubiKey, Verisign VIP, FireID, SecurID
and OneLogin’s own mobile-based soft
tokens. It can be required for every login or
for unknown browsers, which is not as flexible
as some of its competitors. Browser PKI
certificates can be required as an additional
factor. You can also prevent the browser from
caching passwords for applications where
OneLogin uses form-based authentication,
a nice feature. Finally, it integrates with
various SSL VPNs (we didn’t test this) and
you can specify which apps can be accessed
through the VPN gateway.

OneLogin offers several pricing plans,
including a free plan for unlimited users with
three company apps and limited online support.
The $5 per user per month enterprise
plan widens this to support unlimited roles
and directories but only includes daytime
live support; if you want 24/7, that bumps
you up to $7 per user. That works out for 500
users to be $35,000 for the first year and
subsequent years.

Radiant  Logic  RadiantOne 

Radiant started in the directory management
space and is slowly moving into SSO.
Its solution is for on-premise, and has two
main pieces: a Virtual Directory Server
(VDS) that handles identity federation and a
Cloud Federation Service (CFS) that handles
applications.

CFS requires VDS to work: Think of VDS
as handling the authentication of the user’s
identity, then CFS contains a bunch of secure
tokens that can access your various apps. It
isn’t as elegant as the other vendors, but it
can be flexible if you understand which piece
of software does what. There are a few other
tools to set up the integration and deployment,
such as the Radiant Trust Connector
that handles the Windows desktop logins and
the CFS Deployment Manager that does what
its name says. Everything runs on Windows
Server 2008 R2 with at least IIS v7.5 and .Net
Framework v4, and goes under the name of
RadiantOne.

That  is  a  lot  of  different  pieces  to  keep 
track  of.  Each  piece  has  its  own  printed 


What  to  look  for  in  a  single  sign-on  product 

Each  SSO  service  has  four  basic  features: 

1. There’s the single sign-on activity itself, the ability to automatically log in to a
particular SaaS-based website or on-premise server. There are several methods
for accomplishing this; one is using a secure Web authentication script that sends
a username and password to the Web server to accomplish the login. This requires
the SSO product to manually manage the login string. If you decide to change
your password for your online banking site, for example, you have to remember to
change it in the SSO tool as well. A second, and more elegant, method is to use one
of the identity standards such as OpenID, Web Services Federation or SAML. Not
every SaaS site supports these standards, but more are getting on board every day
as a result of the popularity of the SSO products.

Automating sign-ons is just one half of the equation. If you want all of your users
at once to have enterprise Google Apps accounts, you also need to be able to initiate
provisioning from the SSO product, otherwise you are going to be in for some
tedious times. Not every SaaS vendor supports automated provisioning from every
SSO product.

This is where a third authentication method comes into play: exchanging site
certificates between the SaaS provider and the SSO vendor. While this is initially
cumbersome, it can make the process go faster when you want to automate user
creation and provisioning to the SSO process. Radiant Logic uses certificates
exclusively as its authentication method. The others offer some combination of SAML,
secure Web forms and custom applications connectors.

Some  of  the  products  also  make  use  of  browser-based  plug-in  extensions  to 
handle  the  login  tasks. 

2. Second is the ability to work with Active Directory or some other directory
service or identity provider to handle user logins to local desktops and other
on-premises servers. This means that you can automatically recognize the groups of
user accounts, such as network administrators. Some products can do two-way
synchronization of user accounts with Active Directory so that as you add or delete
users from one, your actions are matched on the other side. Other products support
federated identity synchronization with outside networks, such as setting up a partner
portal so that individual logins from your partner organizations don’t need to be
manually created on your SSO system.

Each  product  typically  installs  one  or  more  pieces  of  Windows  server  software  to 
handle  the  Active  Directory  synchronization  tasks.  Some  also  limit  the  amount  of 
Active  Directory  information  that  is  stored  or  transmitted  in  the  cloud  for  security 
reasons. 

3. Third is the ability to manage roles of individual users and their respective
access permissions to various apps. The products have varying ways of accomplishing
this, typically through particulars in their Web-based management consoles.
Some also use the Active Directory group identities as the basis of how they
configure their SSO roles and policies. McAfee has the most flexible configuration
rules, and can set up individual apps with a particular identity provider and choose
whether each app needs to have two-factor authentication.

4.  Finally  there  is  how  each  product  handles  reports  and  compliance  actions. 
Some  products  have  more  graphical  or  summary  reports  than  others.  These 
products  offer  the  opportunity  for  you  to  track  exactly  how  many  users  are  using 
particular  applications,  so  if  you  are  paying  for  site  licenses,  they  could  save  you 
money  if  you  can  reduce  your  license  counts. 
documentation, so there is a lot to review and
various  relationships  to  understand  before 
you  can  get  started.  If  you  are  still  running 
earlier  Windows  Server  versions,  this  isn’t 
the  product  to  upgrade  them. 

RadiantOne handles its trusted relationships
with its apps via certificates that have
to be downloaded and installed separately
using the Deployment Manager. This means
that users are authenticating once with CFS
and then gain access to the various trusted
apps. Using certificates is cumbersome but
avoids the browser plug-ins that many of the
other vendors use for encrypting the login
credentials.

But as a result it offers a paltry set of apps
that it can automate logins with, including
Google, Salesforce, WebEx and a few others.
There is no mechanism for secure Web access
or automatically adding a new app, as there is
with some of its competitors. You can also protect
your user login with SecurID tokens.

Reports are poor. There is a log export
to Excel feature in CFS but that is more for
events than anything a manager would
understand. The dashboard is bare-bones
and just indicates which services and connectors
are running.

Pricing  is  based  on  a  per-server  basis:  For 
500  users  it  would  be  $25,000  for  the  first 
year  and  $6,250  for  subsequent  years,  which 
includes  24/7  live  support. 

SecureAuth 

SecureAuth has a collection of on-premise
pieces for its SSO product. You need to set up
its own server on your network, and you can
use one that comes as a virtual machine or
run SecureAuth’s software on physical hardware.
Because of this you will need to review
the documentation on how the SSO product
interacts with the built-in Windows Server
firewall and make sure both are configured
properly. There are also browser extensions
to download.

Its  admin  console  is  Web-based  and  perhaps 
the  least  attractive  of  all  the  products  we  tested, 
but  beyond  cosmetics  it  has  lots  of  parameters 
and  configuration  options  to  make  it  a  very 
powerful  SSO  product.  The  trick  is  in  finding 
the  right  menu  and  place  on  the  appropriate 
form  to  fill  out  properly.  For  example,  to  enable 
two-way  Active  Directory  synchronization 
you  set  the  “read  only  account”  to  false  on  the 
membership  connection  settings. 

There are numerous multifactor authentication
methods that are supported, including
YubiKey, SMS text messaging, telephone,
question-and-answer sessions and email
dialogs. Like some of its competitors, you can
block or allow specific IP address ranges, and
set up workflows depending on whether you
are using a trusted computer or accessing
your apps from a public network. It supports
a wide range of identity providers including
AD, Lotus Notes, OpenLDAP and Novell
eDirectory.

SecureAuth has the most complex pricing
plan of any of the vendors we tested. There
is a per-user fee, which starts out at $19.50
per user per year and can drop quickly to
a few dollars a year for the largest installations.
There are one-time per server and
per-app fees, both of which start at $2,600.
So for a 500-seat installation, the damage
would be $20,000 for the first year and
$10,000 for subsequent years. SecureAuth
needs to simplify this scheme with far fewer
options to make it more competitive — and
understandable.

SmartSignin 

Like McAfee, SmartSignin has two separate
offerings: one cloud-based and one for
on-premise. The latter is only available at the
higher Enterprise price. The product is still
in beta and features are being added rapidly.
They integrate with three identity providers
at the moment: Google Apps, AD and
Salesforce.com. The company is small but seems to
be on the right track.

For  example,  SmartSignin  seems  to  be 
paying  a  lot  of  attention  to  various  security 
exploits,  which  is  a  good  thing.  It  is  the  only 
one  of  the  SSO  products  we  tested  that  not  only 
requires  a  password  but  a  separate  passphrase 
that  you  and  you  alone  have  knowledge  of,  and 
that  you  have  to  enter  when  you  sign  on  to  the 
SSO  portal.  All  security  information  is  stored 
on  your  desktop. 

Their  Active  Directory  connector  doesn’t 
transmit  information  in  the  clear  in  order  to 
protect  against  man-in-the-middle  attacks  of 
your  directory  content. 

They  are  weak  in  terms  of  application  and 
browser  support,  with  dozens  rather  than 
hundreds  of  apps  pre-configured.  They  are 
also  just  getting  started  on  their  multifactor 
integration.  The  Enterprise  package  has  a 
single  option  for  out  of  band  authentication 
using  text  SMS  messages. 

Their  dashboard  is  well-designed  and 
easy  to  navigate.  There  is  a  single  report  that 
is  just  a  listing  of  events,  which  is  less  than 
satisfying. 

Pricing for the Enterprise plan for 500
users would be $43,200 for the first and
subsequent years. If you can do without the
Enterprise features (multiple roles and
on-premises server), then the Pro plan will bring
this down to less than half that amount.


Symplified 

Symplified has two offerings: one that is
cloud-based using an Amazon AMI and
one that can be installed on-premise as a
VM. Unlike the other vendors with separate
offerings, Symplified has the same feature
set. There are no browser extensions but the
product has its own Active Directory connector
called SimpleLink, which also supports
LDAP connections and is a piece of software
that has to be downloaded to any on-premise
directory server. This creates a secure tunnel
that encrypts the authentication requests.

Symplified calls its product an identity
router, and the term is apt, as there are lots of
access rules and policies like you would see
in your network firewall, but of course concerning
identities. It supports a large collection
of identity providers, which Symplified
calls User Stores, including LDAP, Oracle,
Salesforce, NetSuite, Google and various SQL
databases.

The app support isn’t as plentiful as it could
be, but you can set up your own custom connector
using the procedures and scripting
features in the product. Apps have a rather
convoluted workflow that isn’t as appealing
as the other products and will take more time
to debug and find configuration errors. This
is because Symplified separates the authentication
from the authorization process. We
needed some help with our configuration, but
imagine that once you get the hang of it you
can create what you need in a few minutes.
After you set up your SSO, you hit the publish
button to deploy Symplified explicitly. This adds
an extra step in the debug cycle but we can
understand why it is included.

Symplified  is  also  weak  on  multifactor 
support,  with  Verisign’s  VIP  tokens  the  only 
choice  for  now.  The  company  plans  on  adding 
other  methods  in  the  near  future. 

The documentation is all online and hyperlinked
to make it easy to navigate among the
various pieces. Reports are more log files
although some summary information can be
found on the main dashboard page.

Pricing  has  two  components:  a  one-time 
setup  fee  ranging  from  $1,500  to  $5,000,  and 
a  user  fee.  This  works  out  for  500  users  to 
be  $21,000  for  the  first  year  and  $18,000  for 
subsequent  years,  which  is  on  the  low  end  of 
the  price  scale.  These  prices  include  24/7  live 
support.  ■ 

Strom  is  a  veteran  technology  journalist, 
speaker  and  former  IT  manager.  He  has 
written  two  books  on  computing  and 
thousands  of  articles.  His  blog  can  be  found 
at  Strominator.com. 

Want an iPhone 5? You might get tasered first


WELL, THIS is it, the last Backspin before
we roast another beast and drink heavily in
a forlorn attempt to damp the pain of endless
caroling in every store we go into (does the tire store really need to
play “Away in a Manger” amid the perfume of new tires?).

Anyway, in this season of compulsive consumption, the gift that
keeps on giving (at least until it is superseded by a newer, better version
in six months or a year) is the iPhone 5.

Consider  Mumbai,  where  the  high  cost  of  the  iPhone  5  as  compared 
to  consumer  income  was  predicted  to  result  in  weak  sales.  All  stocks 
of  the  device  were  sold  out  a  few  days  after  its  November  launch! 
Moreover,  it  was  reported  by  India’s  CNN-IBN  that  despite  resupply, 
a  “minimum  waiting  period  for  [the  iPhone]  is  around  10  to  15  days” 
which,  in  turn,  has  triggered  a  wave  of  gray-market  sales. 

China,  where  the  price  of  the  iPhone  5  compared  to  the  average 
wage  is  even  greater,  saw  the  phone  go  on  sale  on  Dec.  14  with  “around 
300,000  online  orders  already  placed  with  China  Unicom,”  reports 
Japan’s  NTD  Television. 

Even  in  the  U.S.  iPhone  5  availability  is  limited,  and  at  some  Apple 
store  locations,  a  “two  per  customer”  maximum  is  in  place.  Of  course, 
if  you’re  committed  to  getting  one  for  each  member  of  your  family  and 
there’s  more  than  two  of  you,  there’s  going  to  be  a  problem. 

And  there  will  be  even  more  of  a  problem  when  your  English  is  poor, 
you  think  that  other  customers  are  being  sold  more  than  the  maximum 
of  two,  and  you  attempt  to  document  this  outrage  by  taking  a  video 
(presumably  using  your  existing  iPhone),  thereby  annoying  the  store’s 
management. 


Such  was  the  rather  confused  tale  of  one  Xiaojie  Li  of  Newton,  Mass., 
who,  after  scoring  two  iPhone  5’s  at  Apple’s  store  in  Nashua,  N.H.,  had 
ordered  two  more  online  and  went  to  pick  them  up  at  the  same  store. 
The  reason  she  drove  40  miles  to  Nashua,  even  though  there’s  an 
Apple  store  in  Newton  a  few  miles  from  her  home,  is  the  lack  of  sales 
tax  in  New  Hampshire. 

When  the  store  management  saw  Ms.  Li  they  asked  her  to  leave  and 
this  was,  it  seems,  when  she  started  videoing  and  a  policeman,  who 
was  moonlighting  as  store  security,  got  involved  and  did  the  obvious 
thing:  He  tasered  her  (there  is,  of  course,  a  video  of  the  whole  incident 
—  tinyurl.com/c8dxnbq). 

This  ridiculously  over-the-top  response  was  described  by  Nashua’s 
chief  of  police  as  justified  because  security  is  needed  to  control  “groups 
who  will  buy  large  numbers  of  the  devices  and  then  sell  them  for  a 
profit  overseas.” 

So,  what  this  comes  down  to  is  the  police  doing  what  they  should, 
protecting  Apple’s  “official”  market  and  the  fact  that  Ms.  Li  was  tasered 
is  the  fault  of  the  Indian  and  Chinese  gray  markets.  Right.  Talk  about 
putting  the  “Christ!”  in  Christmas. 

Here’s  hoping  the  charges  of  criminal  trespass  and  resisting  arrest 
against  Ms.  Li  are  dismissed  and  that  she,  and  you,  have  a  great  holiday. 
And  my  seasonal  purchasing  advice?  Stay  away  from  Apple  stores.  ■ 

Gibbs  is  inclined  to  celebrate  Festivus  in  Ventura,  Calif.  Could  you 
wrestle  him  to  the  floor?  Challenges  to  backspin@gibbs.com  and 
follow  him  on  Twitter  and  App.net  (@quistuipater)  and  on  Facebook 
(quistuipater). 
BlackBerry blacklists the Pooh gang


A REPORT surfaced recently contending
that BlackBerry OS 10 will include a list of
106 prohibited passwords designed to prevent
the clueless from choosing the likes of 123456, blackberry, or the
ever-popular “password” as their password.

However, a RIM spokesman clarified for me that the list actually
applies to BlackBerry ID universally, not only the upcoming operating
system, and “has been active for some time now.”

What  he  wasn’t  able  to  clarify,  though,  was  why  the  BlackBerry 
blacklist  enforces  such  a  brutally  disproportionate  prohibition  against 
names  found  on  the  character  list  of  “Winnie  the  Pooh.”  Fully  five  of 
the  no-can-do  106  —  tigger,  rabbit,  eeyore,  piglet  and  poohbear  —  are 
plucked  from  the  pages  of  the  children’s  classic. 

Yes, the blacklist is heavy on cartoon and fictional characters, in general:
mickey, donald, barney, batman, gandalf, george and snoopy are
also not allowed. But inclusion or exclusion seems to carry little rhyme
or reason, nursery or otherwise.

Calvin  is  banned,  but  not  hobbes. 

Dorothy  and  wizard  are  forbidden,  but  not  scarecrow  or  tinman. 
Monkey  is  on  the  list,  but  not  flyingmonkey.  (Sure,  longer  character 
length  matters.) 

Want  to  use  snowwhite  as  your  password?  Have  a  party.  Same  goes 
for  all  seven  dwarfs. 

Care  for  a  more  modern  careless  choice?  Butthead  is  out,  but  not 
beavis,  heh-heh.  Homer  is  swell;  so,  too,  simpsons  and  thesimpsons. 

Why are Monday uppercase and monday lowercase prohibited,
yet either variant of the other six days of the week passes BlackBerry
password muster? (I’m assuming the answer is that people try to use
Monday more often ... but why might that be? People hate Mondays.)

The blacklisting by BlackBerry of molson makes some sort of sense,
I guess, since both are products of Canada. But if beer names are
problematic — and they probably are — why ban miller and not budweiser,
other than perhaps the latter is harder to spell?

(By the harder-to-spell standard, then, the least BlackBerry could
have done would have been to leave poor eeyore be, since I have to look
up that spelling every time.)

Baseball, football and even Canada’s national religion, hockey, are
all banned. But not basketball. The ninth letter was enough to earn
basketball a pass? Who knows?

At a glance, it would appear that first names appear on the list or not
nonsensically. Andrew, amanda, brandy, chelsea, jennifer, Jonathan,
maggie, matthew, michael (and mike), michelle, natasha, pamela,
patrick, rachel, steven (but not Stephen), thomas and victoria are banned.

Granted, victoria is a city name, too. But natasha is a no-no while
robert, which would seem to be an automatic no siree, Bob, sails on through.
Also OK are Charles, david, patricia, richard, susan and william.

Perhaps the oddest entry on the blacklist — oddest until I looked it
up — is ncc1701. Now I understand that I will have to endure the
mockery of the “Star Trek” crowd for having had to look it up.

Of course, it’s not my ill-advised behavior that has earned the
Starship Enterprise a spot on a password blacklist. ■

If you'd like to get your favorite Pooh character off the list, write to
RIM. Otherwise, the address is buzz@nww.com.
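
The column's observations (monkey is listed but flyingmonkey is not; Monday and monday are separate entries) are what a literal list lookup produces. The added example below, which is not RIM's or BlackBerry's code, contrasts that assumed exact-match lookup with a check that folds case, trims digits and punctuation, and rejects passwords dominated by a listed word; the list is a constructed subset of entries the column names, and the function names and thresholds are illustrative assumptions.

```python
import re

# Constructed sample: only entries the column names, not the full 106-entry list.
DENYLIST = {
    "123456", "blackberry", "password", "tigger", "rabbit", "eeyore",
    "piglet", "poohbear", "calvin", "dorothy", "wizard", "monkey",
    "butthead", "Monday", "monday", "molson", "miller", "baseball",
    "football", "hockey", "mike", "steven", "ncc1701",
}
FOLDED = {entry.casefold() for entry in DENYLIST}
MIN_SUBSTRING_LEN = 5  # assumption: shorter entries (e.g. "mike") match whole passwords only


def exact_match(password: str) -> bool:
    """Literal lookup: the behaviour assumed here for a plain blacklist."""
    return password in DENYLIST


def hardened_match(password: str) -> bool:
    """Reject case variants, padded entries and entries that dominate the password."""
    folded = password.casefold()
    # Drop digits/punctuation glued to either end: "Tigger1!" -> "tigger".
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", folded)
    if folded in FOLDED or core in FOLDED:
        return True
    # A listed word making up at least half of the password still counts.
    return any(
        len(entry) >= MIN_SUBSTRING_LEN
        and entry in folded
        and 2 * len(entry) >= len(folded)
        for entry in FOLDED
    )


def compare(candidates):
    """Map each candidate to (exact verdict, hardened verdict); True means rejected."""
    return {pw: (exact_match(pw), hardened_match(pw)) for pw in candidates}


if __name__ == "__main__":
    sample = ["monkey", "flyingmonkey", "MONDAY", "Tigger1!", "hobbes", "basketball"]
    for pw, (exact, hardened) in compare(sample).items():
        print(f"{pw:14} exact={exact!s:5} hardened={hardened}")
```

Names the column reports as absent from the list, such as hobbes and basketball, pass both checks, so stricter matching cannot compensate for gaps in the list itself.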


34  DECEMBER  17, 2012  www.networkworld.com 



